Add a test on err_str buffer presence before trying to use it,
like what is done in other code paths.
Bug: 12143
Change-Id: I30ae49a33224dc190c202637767df9d7de2c0f2b
Reviewed-on: https://code.wireshark.org/review/14074
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I3de7c2a6292a2f3fc57fdb849c23c3b31f6e4a13
Reviewed-on: https://code.wireshark.org/review/14052
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Remove mostly obsolete aclocal macros. Make GTK build flags a strict superset
of GLib flags. Use GTK build variables for GTK GUI and GLib elsewhere. Add
dependency flags explicitly instead of using WS_CPPFLAGS.
Some minor improvements and fixes for missing/unnecessary variables (no impact
on our test builds).
Change-Id: I3e1f067a875f79d6516c1fa7af986f17a7a6b671
Reviewed-on: https://code.wireshark.org/review/14005
Reviewed-by: João Valverde <j@v6e.pt>
They should not be necessary.
Change-Id: I9246d86862392c65839c18d13d8634bcf510d55e
Reviewed-on: https://code.wireshark.org/review/13992
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If you include something from the wiretap directory, always precede it
with wiretap/.
Fix some includes of files in the top-level directory to use a path
relative to the current directory, not relative to the wiretap
directory.
This makes it a bit clearer what's being included.
Change-Id: Ib99655a13c6006cf6c3112e9d4db6f47df9aff54
Reviewed-on: https://code.wireshark.org/review/13990
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
File had both whitespaces and tabs for indentation. Replace
whitespace indentation with tabs. This is the same indentation
mode as ws80211.c file uses.
Change-Id: I46bbd675f5089eb502b489fdfd70f30510bc95ef
Reviewed-on: https://code.wireshark.org/review/13963
Reviewed-by: Anders Broman <a.broman58@gmail.com>
GNU coding standards recommend against it and automake is designed
around it.
This allows overriding the global build flags using AM_CFLAGS, etc.,
or per object flags, something that is difficult or impossible currently
because of automake precedence rules.
Change-Id: I3f1ea12e560af5a46b2f04b342b1882bbf123f12
Reviewed-on: https://code.wireshark.org/review/13455
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Valgrind report memleaks like these when using the wireless
toolbar to create a monitor interface and/or changing channel:
4,168 (72 direct, 4,096 indirect) bytes in 1 blocks are definitely lost in loss record 31 of 32
at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5BD0742: ??? (in /lib/x86_64-linux-gnu/libnl-3.so.200.16.1)
by 0x116308: ws80211_create_on_demand_interface (ws80211_utils.c:699)
by 0x116308: ws80211_set_freq (ws80211_utils.c:729)
by 0x10D70E: set_80211_channel (dumpcap.c:4262)
by 0x10D70E: main (dumpcap.c:4935)
4,168 (72 direct, 4,096 indirect) bytes in 1 blocks are definitely lost in loss record 32 of 32
at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5BD0742: ??? (in /lib/x86_64-linux-gnu/libnl-3.so.200.16.1)
by 0x116400: ws80211_set_freq (ws80211_utils.c:733)
by 0x10D70E: set_80211_channel (dumpcap.c:4262)
by 0x10D70E: main (dumpcap.c:4935)
Change-Id: Ia1de630859d96653310fbb3efebdc439ebf107b8
Reviewed-on: https://code.wireshark.org/review/13237
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Return an error string if that happens.
If it doesn't fail, it will return a value >= 1; it will never return 0,
so don't check for that.
Change-Id: I6d7ee2683c1ceae73e9d9d61c0a6e6d30b2c4400
Reviewed-on: https://code.wireshark.org/review/13100
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We only need is_linux_bonding_device() if we have pcap_create(). We
need get_data_link_types() regardless of whether we have pcap_create()
or not.
Change-Id: I035f8ddcd57c0424662a2029f928bffa969a3f6c
Reviewed-on: https://code.wireshark.org/review/13099
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Few of these functions exist if we're not building with libpcap.
Change-Id: Icead80bc1993a229341fb4fcba6f1e5901c610ee
Reviewed-on: https://code.wireshark.org/review/13097
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move the code to open capture devices and get properties of capture
devices there, joining the code to get a list of capture devices.
This lets us do a better job of handling pcap_create() in WinPcap,
including handling both WinPcap with pcap_create() and WinPcap without
pcap_create() at run time, just in case somebody tries using WinPcap 3.x
with a Wireshark built with WinPcap 4.x.
It also could make it easier to use libpcap/WinPcap directly in
Wireshark and TShark, if we have versions of libpcap/WinPcap that run
small helper utilities to do privileged functions, allowing programs
using them never to need elevated privileges themselves. That might
make it easier to fix some issues with running TShark when not saving to
a file (we could avoid the file entirely) and with delays when stopping
a capture in Wireshark (Wireshark could stop writing to the file as soon
as you click the stop button, rather than letting dumpcap do so when the
signal gets to it).
It might also make it easier to handle future versions of
libpcap/WinPcap that support using pcap_create()/pcap_activate() for
remote captures, and other future extensions to libpcap/WinPcap.
Rename some XXX_linktype routines to XXX_datalink to indicate that they
work with DLT_ values rather than LINKTYPE_ values; future versions of
libpcap might use LINKTYPE_ values in newer APIs.
Check for pcap_create() on all platforms in CMake.
Change-Id: Ia12e1692c96ec945c07a135d246958771a29c817
Reviewed-on: https://code.wireshark.org/review/13062
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't check HAVE_LIBPCAP elsewhere, and we do use GLib functions, but
don't use the GLib dynamic-loading APIs ourselves, and don't appear to
use anything from libpcap or libwiretap, so include only <glib.h> and
include it unconditionally.
Change-Id: I97f06f56b7d87c671c0aaea1a0e60f2df7adfbd1
Reviewed-on: https://code.wireshark.org/review/13067
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer that they're libwiretap headers.
Change-Id: Ia78a3496913b901073ee59e62bfb72c1677450fa
Reviewed-on: https://code.wireshark.org/review/13064
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Disable shorten-64-to-32 in ws80211_create_on_demand_interface,
which calls NLA_PUT_STRING, which passes the output of strlen to an
int parameter. NLA_PUT_STRING is defined in netlink/attr.h so there's
not much we can do to fix it directly.
Suppress -Wpragmas before suppressing warnings in gcc so that we can
use DIAG_OFF with clang-only warnings.
Change-Id: I1180950edd93c056b8fbfbed164e482024aee90a
Reviewed-on: https://code.wireshark.org/review/12314
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Autotools only warning.
Change-Id: I30f33d2f8611d662dbc62326862707bf05ad3f60
Reviewed-on: https://code.wireshark.org/review/12150
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It's an ancient obsolete option with a confusing name.
Change-Id: Ib10330cf859cdea18fed2077c6539e56350ef380
Reviewed-on: https://code.wireshark.org/review/11967
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add "/WX" to the Visual C++ compiler flags if DISABLE_WERROR is off,
similar to config.nmake.
We haven't compiled C++ code with -Wshorten-64-to-32 for quite
some time so there's no need to add -Wno-shorten-64-to-32 in
ui/qt/CMakeLists.txt.
Additionally, squelch
----
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3050) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3065) : see reference to function template instantiation 'void std::_Median<_RanIt,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_RanIt,_Pr)' being compiled
with
[
_RanIt=QList<QString>::iterator
, _Pr=bool (__cdecl *)(const QString &,const QString &)
]
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3127) : see reference to function template instantiation 'std::pair<_RanIt,_RanIt> std::_Unguarded_partition<_RanIt,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Pr)' being compiled
with
[
_RanIt=QList<QString>::iterator
, _Pr=bool (__cdecl *)(const QString &,const QString &)
]
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3157) : see reference to function template instantiation 'void std::_Sort<_Iter,int,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Diff,_Pr)' being compiled
with
[
_Iter=QList<QString>::iterator
, _RanIt=QList<QString>::iterator
, _Diff=int
, _Pr=bool (__cdecl *)(const QString &,const QString &)
]
.\rpc_service_response_time_dialog.cpp(130) : see reference to function template instantiation 'void std::sort<QList<QString>::iterator,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Pr)' being compiled
with
[
_RanIt=QList<QString>::iterator
, _Pr=bool (__cdecl *)(const QString &,const QString &)
]
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3051) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3052) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3053) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
----
in both rpc_service_response_time_dialog.cpp and wireshark_application.cpp
so that we'll compile successfully.
Change-Id: I457bcede99dcb1f3c1001f1f559c4901bb000357
Reviewed-on: https://code.wireshark.org/review/10533
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Found by starting Wireshark within an empty profile, opening
Preferences, search for Protocol "IEEE 802.11" (because it has radio
buttons), then close everything again.
Many fixes are trivial, but the various recent_read_* functions in
recent.c were changed to return a boolean such that the result can
always be checked even if errno==0.
QButtonGroup leak was hinted by Clang Static Analyzer, all other
memleaks were found using ASAN/LSan.
Change-Id: Ia73f5d4c09d92f22e72377be59e23342f8ad7211
Reviewed-on: https://code.wireshark.org/review/10776
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make use of -A parameter when querying data link types supported by a given interface with dumpcap.
Ensure to pass the authentication parameters configured for a remote interface when calling capture_get_if_capabilities()
Bug: 11366
Change-Id: I4efea615084a82108e4a12a64e8c46817f30a5c6
Reviewed-on: https://code.wireshark.org/review/9690
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Valgrind picked this up as a very large memory leak on systems with libnl,
since the GUI polls this code regularly and was leaking several nl messages
each time.
Change-Id: Ie6b32e094d90183a16fb187adea430c4b43c208c
Reviewed-on: https://code.wireshark.org/review/9502
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
size is '520' bytes, but '1042' bytes might be written.
Change-Id: Ic88bc977011eff9ae3c2a4a5ba717e78dbb1171c
Reviewed-on: https://code.wireshark.org/review/9452
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the wireless toolbar to the Qt UI.
Start adding AirPcap support to ui/80211_utils. Add FCS validation
routines to ws80211_utils.
Move a bunch of AirPcap routines that require epan from caputils to
ui/gtk. They were required for driver key management, which we'll
leave to the AirPcap Control Panel in the Qt UI.
Move frequency-utils to wsutil.
Change-Id: I44446758046621d183f5c2ba9f6526bf01e084f1
Reviewed-on: https://code.wireshark.org/review/8910
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will habe the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primary with WPA-CCMP, but TKIP is also working.
One section in the code touch bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
/usr/include/libnl3/netlink/types.h:25:15: warning: comma at end of enumerator list [-Wpedantic]
/usr/include/libnl3/netlink/handlers.h:65:9: warning: comma at end of enumerator list [-Wpedantic]
/usr/include/libnl3/netlink/handlers.h:81:18: warning: comma at end of enumerator list [-Wpedantic]
/usr/include/libnl3/netlink/handlers.h:113:18: warning: comma at end of enumerator list [-Wpedantic]
/usr/include/libnl3/netlink/utils.h:43:13: warning: comma at end of enumerator list [-Wpedantic]
/usr/include/libnl3/netlink/attr.h:47:16: warning: comma at end of enumerator list [-Wpedantic]
/usr/include/libnl3/netlink/route/link.h:95:23: warning: comma at end of enumerator list [-Wpedantic]
...
Change-Id: I3f14e9d4887569e5d7befe1adb77561c8793437e
Reviewed-on: https://code.wireshark.org/review/7201
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
g_string_free(str, FALSE) frees the GString container but not the
underlying g_malloc()ed string; instead, it returns a pointer to the
g_malloc()ed string.
Fix those places that didn't already get the string pointer from
g_string_free() to do so rather than manually extracting the string
themselves.
And fix one place that didn't even need to use a string - it was just
scanning a C string without even modifying it.
Change-Id: Ibbf4872bf5b9935b9907f539b6edb1013f3053a5
Reviewed-on: https://code.wireshark.org/review/6532
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead of always ignoring the return value, always check it, and only
report an error if it returns FALSE.
(Alternative: have it return NULL on success and a pointer to a
g_malloc()ed string on failure.)
Fix a comment while we're at it.
Change-Id: Icb72c9f47775b6552e3eb4fe5ddcc85482bfb5fb
Reviewed-on: https://code.wireshark.org/review/6528
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I009c09f25d170e5c9aaaef713eaacb3252817856
Reviewed-on: https://code.wireshark.org/review/6460
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move capchild, caputils, codecs and wsutil into a Libs group
Move gtkui into UI group
Move update-sminmpec into tools group
Change-Id: Iaf2bfe4697265af2c3ed9c9d7de2d5d1ef3cafee
Reviewed-on: https://code.wireshark.org/review/6332
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
Leftover crud before I notied that RTLD_NEXT would do what I want.
Change-Id: I5e510e74c65b211e6cc6c300e760869abb399dc8
Reviewed-on: https://code.wireshark.org/review/5121
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The latest Xcode, as of today, has only 10.9 and 10.10 SDKs, which means
that, if we build Wireshark and request a deployment minimum release of
10.6, we'll be building against an SDK in which libpcap has routines
that aren't available in 10.6 and that doesn't use weak linking for
them, so the resulting binary won't actually work on 10.6.
Use the run-time loader to find those routines (currently, only
pcap_set_tstamp_precision()) and call them only if we find them.
On other UN*Xes, we still assume that we'll be running only on the
release against which we were built and newer releases.
Change-Id: Iab20d86fe3be4b299cfb6e25c1f95dc6e1581661
Reviewed-on: https://code.wireshark.org/review/5120
Reviewed-by: Guy Harris <guy@alum.mit.edu>
To populate the Wireless Toolbar menu the NL80211_CMD_GET_WIPHY
command is used. Some network interfaces must use split wiphy dump
feature for this command to function properly. One such example is the
D-Link DWA-160 USB adapter that does not show up when used without.
Make use of split wiphy dump feature whenever kernel supports it
to populate the list of monitor interfaces for the Wireless Toolbar.
Bug: 10564
Change-Id: Idc28e92f91a2488fa48eeb282a0ef1e2bd40a5f0
Reviewed-on: https://code.wireshark.org/review/4611
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
C does not guarantee that char is signed (that's why there's a keyword
"signed"). Use gint8, to indicate that it's not a character, it's an
8-bit signed integer.
Change-Id: Id632df23352840cbc86a4d88f4c7dade95ab7837
Reviewed-on: https://code.wireshark.org/review/4736
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Split up the ws80211_get_phys parser callback handler function into
separate functions for each attribute parsed. This is done in
preparation for supporting split wiphy dump feature where the function
logics will need modications.
Change-Id: Ic0b497fc628f0e7453cd62eb8199f17f9a308a7f
Reviewed-on: https://code.wireshark.org/review/4610
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
HAVE_PORTAUDIO_H didn't work for Stig. Use PORTAUDIO_FOUND instead,
which is the correct name to use according to the
FIND_PACKAGE_HANDLE_STANDARD_ARGS documentation. Use xxx_FOUND in a
couple of other places.
Conditionally build caputils/airpcap_loader.c.
Change-Id: I6a134192902229a446dccf43bfb7bbfe2a55d1e2
Reviewed-on: https://code.wireshark.org/review/4291
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>